projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2847e03) | patch
tiff: version bump to address open CVEs 5541/head
authorSebastian Kemper <sebastian_ml@gmx.net>
Tue, 30 Jan 2018 14:13:05 +0000 (15:13 +0100)
committerSebastian Kemper <sebastian_ml@gmx.net>
Tue, 30 Jan 2018 14:17:42 +0000 (15:17 +0100)
commit4e93c8bf468bb1d368d60e34de85a807d292c5de
tree40e5a8f8656e62cf0dd8cf39a51873a391df7f66tree | snapshot
parent2847e03934e971351c6019eaf41c96d7b5ad5884commit | diff
tiff: version bump to address open CVEs

- Version bump to 4.0.9, as otherwise ca. a dozen patches would need
  to be added to fix the open CVEs. There have been no API/ABI
  changes between 4.0.6 and 4.0.9, so this is OK.
- Adds patches copied from Debian for CVE-2017-18013 and CVE-2017-9935
  on top.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
libs/tiff/Makefile diff | blob | history
libs/tiff/patches/002-CVE-2015-8665_and_CVE-2015-8683.patch [deleted file] blob | history
libs/tiff/patches/003-fix_potential_out-of-bound_writes_in_decode_functions.patch [deleted file] blob | history
libs/tiff/patches/004-fix_potential_out-of-bound_write_in_NeXTDecode.patch [deleted file] blob | history
libs/tiff/patches/005-fix-ftell-macro.patch diff | blob | history
libs/tiff/patches/019-CVE-2017-18013.patch [new file with mode: 0644] blob
libs/tiff/patches/020-CVE-2017-9935.patch [new file with mode: 0644] blob
Mirror of packages feed